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REMARKS 


This paper is responsive to the Non-Final Office Action dated April 24, 2003. Claims 1 - 
35 were examined. Claims 1-35 were rejected. In addition, objections have been raised to 
claims 26 and 29. Claims 1 and 24 have been amended. Claims 36 - 41 have been added. 


The Office action objects to claims 26 and 29 imder 37 C.F.R. § 1.75(c), as being of 
improper dependent form for failing to further limit the subject matter of precious claims. 
Applicant respectfiilly traverses the objection. The subject matter of claims 26 and 29 are further 
narrow the subject matter of their parent claims. Although claim 24 refers to an information 
resource (in the positive recital of a proxy therefore), claim 24 does not require the information 
resource itself. Claim 26 adds the requirement of an information resource in the security system 
of claim 24. Similarly, claim 27 refers to the security barrier, but the information security 
system of claim 27 does not include a security barrier. Claim 29 adds a security barrier to the 
information security system of claim 27, 


The Office Action rejects claims 1, 2, 6, 10, 13, 15, 16, and 24 - 29 under 35 U.S.C. 
§ 103(a) as being unpatentable over U.S. Patent 5,835,726, granted to Shwed, et al. (the Shwed 
reference) in view of U,S, Patent No. 5,602,918, granted to Chen, et al. (the Chen reference). 
The Office Action also rejects claims 4, 5, 7 - 9, 14, and 17 - 23 under 35 U.S.C. §103(a) as 
being unpatentable over the Shwed reference in view of the Chen reference, and fiirther in view 
of U.S. Patent No. 5,870,549, granted to Bobo II (the Bobd reference). The Office Action also 
rejects claims 30, 31 - 33, and 35 under 35 U.S.C. § 103(a) as being mipatentable over U.S. 
Patent 5,710,889, granted to Clark, et al. (the Clark reference) in view of the Chen reference. 
Applicant respectfiilly traverses all of these rejections. 

The Office Action rejects independent claims 1, 24, and 27 based on an improper 
interpretation of the Shwed reference modified to include a firewall as disclosed in the Chen 
reference. Since the relied upon disclosure of Shwed is that of a packet filtering firewall, there is 
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no suggestion or motivation to combine or modify the Shwed reference with the Chen reference 
to add a firewall. The Office Action uses the same mistaken understanding of the Shwed 
reference modified to include data translation as disclosed in the Bobo reference to reject 
independent claims 17 and 22. The Shwed reference does not teach or suggest Applicant's 
claims. Moreover, the addition of the Chen reference or the Bobo reference still does not teach 
or suggest Applicant's claims. Nonetheless, in an effort to more clearly recite two quaUtatively 
different features, namely (i) validating of message encoded in accordance with a structured 
language, and (ii) transmission of a message so validated across a security barrier, Applicant has 
amended certain of the claims. 

The Shwed reference 

The Shwed reference discloses 1) packet filtering, and 2) key exchange between a source 
and destination. Neither the Shwed packet filtering disclosure nor the Shwed key exchange 
between a source and destination disclosure teach or suggest requirements of Applicant's claims. 
More specifically, the Shwed reference does not teach or suggest "validating a request message 
encoded in a structure request language against a predefined request message specification 
therefor. . . vaUdating a response message encoded in a structured response language against a 
predefined response message specification therefor, the response message corresponding to the 
validated request" as found in claim 1, "validates a request message encoded in a structured 
request language against a predefined request message specification therefor " as found in claim 
24, or "preparing a request message corresponding to the access request in a structured 
language corresponding to a predefined request message specification... validating the 
request message against the predefined request message specification" as found in claim 27. 

The Shwed reference discloses packet filtering to control packet flow for securing private 
networks from outside attack (Abstract), and does not ensure compliance with a predefined 
message specification and does not contemplate a structured language. The Shwed 
reference never discusses validating messages against a message specification. The Office 
Action erroneously interprets a packet filter to be equivalent to a message specification. 
Validating messages against a message specification is a fundamentally different function than 
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packet filtering. Packet filtering rules (i.e., a set of permits and denies for particular Internet 
Protocol addresses) do not correspond to a structured language. 

The Shwed reference also discloses request and response messages when describing a 
key exchange between a source and destination. The Shwed reference discloses a key exchange 
between two firewalls (Figures 16, 17, and 20) and between a firewall and a personal computer 
(Figures 21 - 23). These exchanges disclosed in the Shwed reference are not similar to the 
above quoted claim language. 

The Shwed reference and the Chen reference 

As already discussed, the Shwed reference does not teach or suggest Applicant's claims. 
The Office Action states that the Shwed reference does not disclose a security barrier, and thus 
employs the Chen reference to add a firewall. However, the Shwed reference discloses a 
firewall. Therefore, there is no suggestion or motivation to combine or modify the Shwed 
reference with the Chen reference, at least because the Shwed reference already discusses 
firewalls. Hence, the addition of the Chen reference does not add anything to the Shwed 
reference. The Shwed reference in view of the Chen reference does not disclose or suggest 
Applicant's claims, especially the above quoted claim language. 

Neither the Shwed reference nor the Chen reference standing alone or in combination 
teach or suggest Applicant's claimed invention. For at least the reasons stated above, Applicant 
respectfully submits that Applicant's independent claims 1, 24, and 27 are patentable over the 
Shwed reference in view of the Chen reference and that Applicant's claims are allowable. 

The Shwed reference, the Chen reference, and the Bobo reference 

The Office Action attempts to modify the Shwed reference with both the Chen reference 
and the Bobo reference to support a rejection of Applicant's independent claims 17 and 22. For 
the reasons discussed above, the Shwed reference, standing alone or modified in view of the 
Chen reference, does not teach or suggest "a request message specification corresponding to a 
structured request language. . .validating the formatted access request in accordance with the 
request message specification. . .forwarding the vahdated access request across the security 
barrier" as found in claim 17 or "the data broker validates a request message against a 


- 14- 


response to 4 24 03 oa 004-3633.doc 


Application No.: 09/357,726 




PATENT 


predefined request message specification that corresponds to a structured language and 

forwards only validated request messages across the secxirity barrier" as found in claim 24. As 
stated above, packet filtering and message validation are not the same. In addition, a packet 
filter does not correspond to a structured language. 

In addition, the Office Action does not address "predefining a request message 
specification corresponding to a structured request language" as found in claim 17. There is 
no indication that this element is found in any of the references discussed in the Office Action, 
and Applicant respectfully submits that these references do not disclose or suggest the quoted 
claim language from claim 17. 

The Bobo reference discloses a message storage and deliver system that translates voice 
messages and facsimiles into hypertext markup language files (Abstract). The Bobo reference 
does not teach or suggest "formatting an access request in accordance with the structured request 
language" as found in claim 17 or "formatting a response to an access request targeting the 
information resource, the formatted response being in accordance with the structured response 
language" as found in claim 22. The Office Action assumes that translating voice messages and 
facsimiles into a markup language format is formatting a response or request in accordance with 
a structured request or response language. The Bobo reference discloses receiving requests for 
files or messages, but never describes or suggests formatting the requests in accordance with a 
structured request language. Even if translating and formatting were equivalent, which they are 
not, the Bobo reference never discloses translating requests. Attempting to equate translating 
and formatting as done by the Office Action suggests that the Bobo reference could translate its 
requests as it translates voice messages and facsimile data, but such a translation of requests 
would cause an unintended result. 

Neither the Shwed reference, the Chen reference, nor the Bobo reference, standing alone 
or in combination, teach or suggest Applicant's claimed invention. For at least the reasons stated 
above, Applicant respectfully submits that Applicant's independent claims 17 and 22 are 
patentable over the Shwed reference in view of the Chen reference and the Bobo reference, and 
that AppHcant's claims are allowable. 

The Clark reference and the Chen reference 
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The Clark reference discloses "an interface device for electronically integrating a 
plurality of financial services provided at different geographical locations. . .and delivering such 
services directly to a customer facility at any time requested by the customer" (Abstract). The 
Clark reference discloses the interface device processing transaction instruction messages (TI) 
from customers. "The header and main body portions of the messages are in a structured format, 
either adhering to industry standards (e.g., message formatting standards managed by the Society 
for Worldwide Interbank Financial Telecommunications ("S.W.LF.T.")), or meeting 
administrative requirements of the delivery system" (col. 7, line 63 - col. 8, line 2). The global 
interface device of the Clark reference "receives the message. . .and then validates the 
construction of the message. . .." (col. 10, lines 19 - 24). 

However, the Clark reference does not teach or suggest "parser code including 
instructions executable as a first instance thereof to validate the received access requests against 
the predefined request message specification" as found in claim 30. The TI messages disclosed 
in the Clark reference are specifically described as containing "a series of defined data elements 
that identify the customer, user, location, branch, account, message type, date, time, and so forth" 
(col. 7, Hnes 56 - 58). An access request is not a TI message, although an access request can 
contain a TI message. Even if a TI message is similar to an access request, which it is not, the 
functionality performed by the global interface device as disclosed in the Clark reference is not 
similar to the functionality claimed by Applicant. When the global interface device performs the 
construction validation as disclosed in the Clark reference, it is ensuring that the message 
includes the particular data elements. A global interface device that ensures inclusion of 
particular data elements in a message is not similar to parser code that validates access requests 
against a predefined request message specification. 

In addition to not teaching or suggesting Applicant's above quoted claim limitation, the 
Office Action admits that the Clark reference does not teach or suggest "data broker code 
including instructions executable as a first instance thereof to. . . forward validated ones of the 
access requests across the security barrier toward the information resource" as found in claim 30. 
So, the Office Action relies on the Chen reference. 
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The Office Action attempts to achieve Applicant's claimed invention by modifying the 
Clark reference in view of the Chen reference in a conclusive fashion. There is no suggestion or 
motivation to modify the Clark reference with the Chen reference. The Chen reference does not 
teach or suggest the above quoted claim limitation. 

Neither the Clark reference nor the Chen reference, standing alone or in combination, 
teach or suggest Applicant's claimed invention. For at least the reasons stated above, Applicant 
respectfully submits that Applicant's independent claim 30 is patentable over the Clark reference 
in view of the Chen reference, and that Applicant's claims are allowable. 

Dependent Claims 

The Office Action rejects dependent claim 3 under 35 U.S.C. § 103(a) as being 
unpatentable over the Shwed reference in view of the Chen reference and further in view of 
"Applied Cryptography" (the Schneier reference). The Office Action also rejects dependent 
claims 1 1 and 12 under 35 U.S.C. §103(a) as being unpatentable over the Shwed reference in 
view of the Chen reference and fiirther in view of U.S. Patent No. 5,835,726, granted to 
Ottensooser (the Ottensooser reference). The Office Action also rejects dependent claim 34 
under 35 U.S.C. §103 (a) as being unpatentable over the Shwed reference in view of the Chen 
reference and fiirther in view of the Bobo reference. 

As previously discussed, the Shwed reference modified with the Chen reference does not 
teach or suggest any of Applicant's independent claims. 


The rejection to claim 3 is unclear because the heading for the rejection refers to the 
Schneier reference, but the explanation of the rejection refers to U.S. Patent No. 5,805,803, 
granted to Birrell et al. (the Birrell reference). AppUcant respectfully submits that neither the 
Schneier reference nor the Birrell reference on their own or with the Shwed reference teaches or 
suggests claim 3. 


Claim 3 


- 17- 


response to 4 24 03 oa 004-3633.doc 


Application No.: 09/357,726 




PATENT 


Claims 11 and 12 


The Office Action cites to sections of the Ottensooser reference that disclose a script 
definition language (SDL) parser and a Plan parser (col. 7, lines 53 - 63). The Ottensooser 
reference discloses the SDL parser loading System Static Tables and checking a script definition 
file before loading Script Definition Tables to be used by the Plan parser (col. 7, lines 54 - 55). 
The Plan parser of the Ottensooser reference uses the Script Definition Tables and the System 
Static Tables to validate a plan (col. 1, lines 59 - 61). The Ottensooser reference does not teach 
or suggest "parsing the request message using Data Type Definitions (DTDs) encoding a 
hierarchy of valid tag-value pairs in accordance with syntax of a valid request message; and if 
the request message is not successfully parsed, forwarding a response message without 
transmission of the request message across the security barrier" as found in claim 1 1 or 
parsing the response message using Data Type Definitions (DTDs) encoding a hierarchy of tag- 
value pairs in accordance with syntax of a valid response message" as found in claim 12. 

Claim 34 

The Shwed reference modified in view of the Chen reference and the Bobo reference 
does not teach or suggest claim 34 for at least the reasons discussed above with respect to claims 


All of the dependent claims 2 - 16, 18 - 19, 23, 25 - 26, 28 - 29, and 31 - 41 are 
dependent on corresponding ones of the above allowable independent claims. Applicant 
respectfully submits that all of the dependent claims are allowable for at least the reasons 
discussed above. 


In summary, claims 1 - 41 are in the case. All claims are beheved to be allowable over 
the art of record, and a Notice of Allowance to that effect is respectfully solicited. Nonetheless, 
if any issues remain that could be more efficiently handled by telephone, the Examiner is 
requested to call the undersigned at the number listed below. 


17 and 22. 
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CERTIFICATE OF MAILING OR TRANSMISSION 

I hereby certify that, on the date shown below, this 
correspondence is being 

□ deposited with the US Postal Service with sufficient postage 
as first class mail, in an envelope addressed to Commissioner 
for Patents, P. O. Box 1450, Alexandria, VA 22313-1450. 

□ facsimile transmitted to the US Patent and Trademark Office. 


Steven R. Gilliam 


Date 
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Respectfully submitted, 



Steven R. Gilliam, Reg. No. 51,734 
Attorney for Applicant(s) 
(512) 347-9030 
(512) 347-9031 (fax) 


response to 4 24 03 oa 004-3633.doc 


- 19- 


Application No.: 09/357,726 


